On 10 feb 2011, at 03:06, Stephen Fisher wrote:
> On Wed, Feb 09, 2011 at 03:26:22PM -0500, Maverick wrote:
>
>> If a user is clicked on a link from an https site and that link isn't
>> using ssl itself can we detect the refere information in that case.
>
> Yes, but then it isn't an "https" site and is instead an "http" site.
Funny, I would have expected this to (a "https://xxx referer in the http request), but I just tested with Firefox and whenever I follow a link on an https page to a non-https page (either on the same site or a different site), there is just no "Referer:" header. I'm not sure how other browsers are dealing with this, so I checked the RFC[1]. It states in 15.1.3:
Clients SHOULD NOT include a Referer header field in a (non-secure)
HTTP request if the referring page was transferred with a secure
protocol.
So there is your answer why you don't get the referer information.
Cheers,
Sake
[1] http://tools.ietf.org/html/rfc2616#section-15.1.3